API Update global role + fixed issue with GUI custom role edition #10612

Open
wants to merge 9 commits into
base: develop

luddaniel
Contributor

What this PR does / why we need it:

  • Global role can now be updated via API
  • Customised role can now be edited via GUI

PR is in Draft mode waiting for an answer. Guide to Create Global Role and to Delete a Global Role suggest to use $API_TOKEN. As a matter of fact you don't need it. Question is: Should we add SuperAdmin authorization on create, update and delete of a Global Role? I would say yes but I want your opinion.

Which issue(s) this PR closes:

Special notes for your reviewer:

I removed a comment @todo update permissionModificationTime here. as it is handled later/deeper here: DvObject savedDvObject = dvObjectService.updatePermissionIndexTime(dvObject);

Demos:

  • Global role can now be updated via API
Update.Role.via.API.mp4
  • Customised role can now be edited via GUI
Edit.custom.role.GUI.mp4

Suggestions on how to test this:
Play around with roles and permissions.
Ex:
roles.json

{
   "alias":"sys1",
   "name":"Restricted System Role",
   "description":"A person who may only add datasets.",
   "permissions":[
      "AddDataset"
   ]
}

Create a new global role:
curl -H 'Content-Type: application/json' -X POST "http://localhost:8080/api/admin/roles" --upload-file roles.json
Change roles.json:

{
   "alias":"sys1",
   "name":"Restricted System Role 23",
   "description":"A person who may only add datasets.",
   "permissions":[
      "AddDataset"
   ]
}

Update Role (Try to change name):
curl -H 'Content-Type: application/json' -X PUT "http://localhost:8080/api/admin/roles/15" --upload-file roles.json
OK

Try to update Curator role (change permissions):

{
   "alias":"curator",
   "name":"Curator",
   "permissions":[
      "ViewUnpublishedDataverse",
      "ViewUnpublishedDataset",
      "DownloadFile",
      "EditDataset",
      "ManageDatasetPermissions",
      "ManageFilePermissions",
      "PublishDataset",
      "DeleteDatasetDraft"
   ],
   "description":"For datasets, a person who can edit License + Terms, edit Permissions, and publish datasets."
}

curl -H 'Content-Type: application/json' -X PUT "http://localhost:8080/api/admin/roles/7" --upload-file roles.json
OK

@coveralls

Coverage Status

coverage: 20.57% (-0.003%) from 20.573%
when pulling c29a9af on Recherche-Data-Gouv:8808-10575-update-global-role
into 3c55c3f on IQSS:develop.

@coveralls

Coverage Status

coverage: 20.57% (-0.003%) from 20.573%
when pulling 7d55ae1 on Recherche-Data-Gouv:8808-10575-update-global-role
into 3c55c3f on IQSS:develop.

@pdurbin
Member

pdurbin commented Jun 5, 2024

PR is in Draft mode waiting for an answer. Guide to Create Global Role and to Delete a Global Role suggest to use $API_TOKEN. As a matter of fact you don't need it. Question is: Should we add SuperAdmin authorization on create, update and delete of a Global Role? I would say yes but I want your opinion.

These are both under /api/admin so I think it's ok to leave them as non-superuser because /api/admin should be blocked.

Member

@pdurbin pdurbin left a comment

I'm just leaving a little comment for now. Overall, this looks great!


Update a global role in the Dataverse installation. The data PUTed are assumed to be a role JSON. ::

POST http://$SERVER/api/admin/roles
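
Review bot: The request line `POST http://$SERVER/api/admin/roles` names no role to update and uses POST, while the sentence above it says the data are PUTed and the test steps in the PR description call PUT on `/api/admin/roles/15` and `/api/admin/roles/7`. Suggest documenting the PUT form with the role identifier in the path, so the documented request matches the one that was tested.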
Member

Should this be PUT instead of POST? 🤔

Contributor Author

No doubt in my mind: PUT to update, copy paste from the web:

  • POST requests create child resources at a server defined URI. POST is also used as general processing operation
  • PUT requests create or replace the resource at the client defined URI

Member

Ok, but I find the docs confusing. "data PUTed" followed by POST.

Contributor Author

You are right! I'll change POST http://$SERVER/api/admin/roles

Contributor

@poikilotherm poikilotherm Jun 10, 2024

REST good practices: 1, 2, 3

  • POST is for creation of new resources
  • PUT is for updates / replacements in an idempotent way (complete object is provided/required). Will create new object if not existing, too
  • PATCH is for partial updates / modifications

As this is about "updating" a global role, this should use a "PUT" request and the docs should note the requirement of a complete object and the inability to update the role partially.
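
An added example, not part of this thread or of the Dataverse code base: a pre-flight check for the full-replacement PUT discussed above, run against the role JSON before it is sent to an endpoint that takes no API token. The function name, the required-field set and the sample roles are assumptions constructed for illustration.

```python
# Added illustration; names and the required-field set are assumptions.
REQUIRED_FIELDS = ("alias", "name", "permissions")

# Constructed sample data, modelled on the roles.json in the PR description.
CURRENT_ROLE = {"alias": "sys1", "name": "Restricted System Role",
                "description": "A person who may only add datasets.",
                "permissions": ["AddDataset"]}
RENAME_ONLY = dict(CURRENT_ROLE, name="Restricted System Role 23")
PARTIAL = {"name": "Restricted System Role 23"}  # not a complete object
ESCALATED = dict(CURRENT_ROLE, permissions=["AddDataset", "PublishDataset"])


def check_role_replacement(current, proposed):
    """Report what sending `proposed` as a full replacement would change.

    A PUT carries the complete object, so a field left out is not "kept":
    the permission diff below treats an omitted list as empty.
    """
    missing = [f for f in REQUIRED_FIELDS if f not in proposed]
    perms = proposed.get("permissions", [])
    if not isinstance(perms, list) or not all(isinstance(p, str) for p in perms):
        raise ValueError("permissions must be a list of strings")
    old, new = set(current.get("permissions", [])), set(perms)
    return {
        "missing": missing,
        "complete": not missing,
        "granted": sorted(new - old),   # permissions the update would add
        "revoked": sorted(old - new),   # permissions the update would drop
    }


if __name__ == "__main__":
    for label, body in (("rename", RENAME_ONLY), ("partial", PARTIAL),
                        ("escalated", ESCALATED)):
        print(label, check_role_replacement(CURRENT_ROLE, body))
```

A non-empty `granted` list on a built-in role is the case worth a second pair of eyes before the request goes out.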

Co-authored-by: Oliver Bertuch <poikilotherm@users.noreply.github.com>
@coveralls

Coverage Status

coverage: 20.571% (-0.002%) from 20.573%
when pulling 9d0004d on Recherche-Data-Gouv:8808-10575-update-global-role
into 3c55c3f on IQSS:develop.

@luddaniel luddaniel force-pushed the 8808-10575-update-global-role branch from 7a864e8 to 52d72d3 Compare June 12, 2024 08:13
@luddaniel
Contributor Author

@pdurbin @poikilotherm Guide is updated (sorry for the force-push fixing git bad manipulation).

@coveralls

Coverage Status

coverage: 20.571% (-0.003%) from 20.574%
when pulling 1b115dc on Recherche-Data-Gouv:8808-10575-update-global-role
into 5bf6b6d on IQSS:develop.

@pdurbin pdurbin added the Champion: pdurbin Championed by @pdurbin for inclusion in the next release label Jul 19, 2024
@pdurbin
Member

pdurbin commented Jul 19, 2024

@gwendoux suggested this for 6.4 and I agree it would be nice.

@luddaniel the plan is to not require superuser right? The API endpoints are safe under /api/admin. Can you please merge the latest from develop and mark this pull request as non-draft if you're ready? Thanks!

@luddaniel luddaniel marked this pull request as ready for review July 22, 2024 08:32
@pdurbin pdurbin added the Size: 3 A percentage of a sprint. 2.1 hours. label Sep 11, 2024
@cmbz cmbz added the FY25 Sprint 6 FY25 Sprint 6 label Sep 11, 2024
@pdurbin pdurbin removed the Champion: pdurbin Championed by @pdurbin for inclusion in the next release label Sep 12, 2024
@pdurbin pdurbin self-assigned this Sep 16, 2024
@@ -1010,6 +1010,22 @@ public Response createNewBuiltinRole(RoleDTO roleDto) {
actionLogSvc.log(alr);
Member

Above, at return ok(json(rolesSvc.save(roleDto.asRole()))); I'm getting the following error when trying to set up Dataverse for the first time:

{"status":"ERROR","message":"Exception thrown from bean: jakarta.ejb.EJBTransactionRolledbackException: Exception thrown from bean: java.lang.NullPointerException: Cannot invoke \"edu.harvard.iq.dataverse.DvObject.isInstanceofDataverse()\" because \"definitionPoint\" is null"}

Specifically, I'm doing this:

rm -rf docker-dev-volumes

mvn -Pct clean package docker:run

@luddaniel can you replicate this?

@pdurbin pdurbin added the Status: Needs Input Applied to issues in need of input from someone currently unavailable label Sep 16, 2024
Labels
FY25 Sprint 6 FY25 Sprint 6 Size: 3 A percentage of a sprint. 2.1 hours. Status: Needs Input Applied to issues in need of input from someone currently unavailable
Projects
Status: In Review 🔎
Status: 🚧 Dev by Recherche Data Gouv
6 participants